Understanding Accounting Cybersecurity Risk

Alavanca Systems - IT Support for Accounting, Tax and Finance Firms

There is nothing in this world that is without some level of risk. In driving your car to work today, you allowed for some measure of risk.

But, you can’t let the looming specter of danger freeze you in your tracks and bring your forward progress to a grinding halt, right?

The truth is that there are cybercriminal syndicates, lone-wolf hackers, and even rogue nation-states that put accounting firms in the USA in their crosshairs.


Why? Because your databases house valuable information — information that they can use themselves or sell on the dark web.

A firm like Alavanca Systems steps between you and the cybercriminals that want to do your business harm, putting in place hardware, software, and protocols that mitigate your exposure to the methods and tactics of cybercrime.

In this article, we’ll dive into three topics that are essential to the understanding of your accounting firm’s cybersecurity risk:

  • Level of Cybersecurity Risk
  • Types of Cybersecurity Risk
  • Reduction of Cybersecurity Risk

We’re not going to dive headlong into the technical weeds of addressing accounting firm cybersecurity risk, but we will provide you with a framework understanding that will help you make data-driven decisions about your workflow and data security.

So, let’s get started.

1. Do Chicagoland Accounting Firms Have Cybersecurity Risk Exposure?

You already know that the unfortunate but unequivocal answer is, “Yes.”

There are two forces at play here. First, accounting firms possess an unprecedented amount of business and personal data. Second, the vast majority of CPA businesses fall into the small to mid-size company category and, as such, have not committed as many resources to hardening their defenses as enterprise-level corporations.

1+1 always equals 2.

When these two factors are examined together, it’s easy to understand why accountants in Chicagoland and across the country are looking to understand what cybersecurity risk is and how to bring their risk profile within tolerable levels.

The Dangers of Data Exfiltration

Data exfiltration – sometimes also referred to as “data leakage” – is far more serious than those two clinical-sounding phrases would make you believe. When a cybercriminal gets access to your firm’s proprietary data or your clients’ confidential tax/financial information, they get an easy payday, and you get a bucketload of trouble.

Cybercriminals target accounting firms to “withdraw” information like they would money at a bank. Cybersecurity risk for accounting firms has real-life consequences.

What do they do with the data that they exfiltrate?

  • Sell it on the dark web
  • Use it for blackmail
  • Use it to access business and client accounts elsewhere
  • Publish it to embarrass clients and your firm

No matter what the criminals want to do with the data that they steal from your firm, the end result is a black mark on your reputation, clients that are angry, and potentially, the end of your business.

2. What Are the Cybercriminal Tactics? – Cybersecurity Risk Vectors

As we jump feet-first into understanding what avenues cybercriminals use to target your business interests and your clients, it’s important to note that cybersecurity is an ever-evolving and fluctuating target. IT security is a full-time job. Cybersecurity professionals are constantly having to respond, adapt, and outthink their criminal counterparts. This is one critical reason why outsourcing your cybersecurity to a 24/7 cybersecurity monitoring and management firm like Alavanca Systems is essential.


Cyberattack Outcomes – What do the Bad Guys Want to Do?

Let’s look at the desired effect of cybercriminal activity upon accounting firms. There are three main goals of the criminal in regard to the IT systems that support your workflow.

  • Harvest Data

A data breach happens when someone (either internally or externally) is able to access information that they are not authorized to see/use. Data breaches often happen as a result of stolen identity credentials, such as passwords and biometric information. When big companies like Equifax get hacked, the event hits the nightly news, but what you don’t hear about is the 100 small firms that get hacked in that same week.

The challenge, obviously, is the damage to your firm’s reputation, the privacy of your clients, and the penalties levied by regulatory bodies.


  • Create Disarray and Downtime

Some cyberattacks are intended to cause downtime and chaos within your organization. The scary part is that disarray and downtime aren’t always the result of an outside force. Employees that haven’t been educated regarding their role in cybersecurity can easily open the wrong email, download the wrong file, or plug in the wrong USB drive. That simple action is enough to allow malware into the system, crashing your operations.

Regardless of intent, downtime delays your projects, frustrates employees, and costs you money in lost productivity and revenue.


  • Demand a Ransom

Ransomware has become the tool of choice for cybercriminals worldwide. Every industry, from government and education to manufacturing and energy, has felt the sting of the “pay us or lose all your data” ransom demand.

Ransomware is a lucrative business for cybercriminal syndicates and rogue nation-states. They run their operations like a company, complete with facilities and employees dedicated to profiting from locking you out of your own data and systems.


Cyberattack Delivery Methods – What Ways Do Bad Actors Gain Access to Your Systems?

Now that we have discussed what cybercriminals WANT to do to your business, let’s discuss the tactics they employ.

  • Denial-of-service (DoS) and distributed denial-of-service (DDoS) attacks

These attacks are intended to overwhelm your systems, blocking you and your clients from being able to use your own IT systems, internet connection, cloud assets, or web assets.

  • Phishing and spear phishing attacks

A phishing attack uses deceptive emails and websites to encourage the user to take an action that will open a door of entry for the cybercriminal. Spear phishing is much the same but is refined and targeted at one individual. The most common version of phishing is emails that seemingly come from a trusted source – like your bank or your boss – and ask for account numbers, passwords, or social insurance numbers.

  • Drive-by attack

Drive-by attacks utilize websites that aren’t secure to dump viruses or malware onto a visitor’s computer. This method of attack is difficult to guard against because it doesn’t require the user (your employee) to do anything. However, website filtering and employee cybersecurity training go a long way to mitigate this risk.

  • SQL injection attack

Database-driven websites are particularly vulnerable to SQL injection. These attacks slip malicious SQL into a query that the website sends to its database, in order to gain unauthorized access to data on the server.

  • Malware attack

Malware is a broad term for any code that is designed to do damage to the systems it infiltrates. Once established in a system, malware often has the capacity to travel across the network, infecting any connected computers.


3. How Can Accounting Firms Reduce Cybersecurity Risk?

Although we’ve painted a pretty bleak picture about the interest in your data, the criminals out there, and the methods they are utilizing to turn your CPA firm into a victim, there is hope.

You can take control of your cybersecurity risk profile and close down vectors of cyberattacks.

While the methods of reducing risk can become complex in application, in principle, they’re fairly straightforward. To reduce cybersecurity risk, organizations should:

  • Document Protocols.

Cybersecurity policies run the gamut from how to build strong passwords to what steps to take if an attack should occur. Having these protocols in place provides a roadmap that lowers risk exposure.

  • Train users.

Employees are always the weakest link of any cybersecurity strategy. Why? Because we are all human. We can make mistakes and can be tricked into doing precisely what the criminals want us to do. Training users on best practices is the first line of defense in reducing risk.

  • Make systems redundant.

Mission-critical data and workflow applications need to be backed up. Redundant systems ensure that you will be able to keep productivity rolling, even if your on-site assets become compromised.

  • Harden systems.

Starting with a risk assessment, hardening your systems is the job of a cybersecurity professional. Everything from email security to firewall settings has to be examined, updated, configured, and monitored against attack.

And, last, but not least:

  • Get help.

Most small to mid-size accounting firms do not have the in-house cybersecurity specialists needed to set up and manage a comprehensive data and workflow protection protocol. Bringing in IT security professionals will uncover the gaps in your current IT protection strategies and set you up for success against cybercrime.


Looking for someone to take the management of cybersecurity risks for accounting firms off your plate? We’re here to serve the accounting firms of Chicagoland. Let’s talk.



Ciro Cetrangolo is an IT specialist with 30+ years in the IT services industry. Ciro has a deep understanding of the software, workflow, and underlying technology of accounting organizations and helps firms like yours achieve the secure, stable, and streamlined IT environments you need to accomplish your work more effectively.